Licensing problems catch SaaS vendors off guard, analyst firm says

Open source software is critical to the growth of both software-as-a-service and cloud computing, and cloud-based computing in turn is making it easier for open source vendors to lower costs, the analyst firm Saugatuck says in a new research note.

SaaS providers are flocking to open source for the same reasons as enterprise IT shops -- acquisition and licensing costs that are 80% lower than comparable proprietary offerings. Open source vendors also are gaining strength from cloud computing models, such as Amazon's Elastic Compute Cloud, which make processing, storage and other IT services available over the Web on a pay-per-use basis.

"Saugatuck sees the development and growth of open source and SaaS for enterprise infrastructure and business software as inextricably intertwined," analyst Bruce Guptill writes. "They feed off each other's strengths, but create weaknesses in each other as well."

Specifically, SaaS vendors may run into trouble when they ignore open source licensing issues related to the General Public License (GPL). "What too many SaaS vendors don't seem to understand is the extremely long tail of open source software," one executive at an open source business intelligence vendor told Saugatuck.

"GPL terms state that vendors that alter open source code -- i.e., use open source to develop 'derivative works' -- must make that code available to the relevant community," Saugatuck adds. SaaS vendors may not realize that the open source software they use contains a range of open source components, all subject to different licenses and requirements.

"If anybody starts trolling for license violations, a lot of companies will be in a lot of trouble -- mostly for incorporating open source code into traditionally licensed models," the open source director at a leading server and hardware vendor told Saugatuck.

Enterprises routinely use open source, even when they're not aware of it. By 2011, at least 80% of commercial software will contain significant amounts of open source code, the analyst firm Gartner reported last September. Security risks related to open source software are a big concern, according to a study released just this month by Fortify Software, which says open source developers often fail to adhere to minimal best security practices.

One potential problem is the reliability of cloud-based services that provide processing and storage to open source vendors. Amazon's S3 online storage service has suffered two notable outages this year, disrupting Web sites that rely on the Amazon infrastructure.

Open source software vendors in particular are gravitating toward Amazon because it's significantly less expensive to utilize a cloud-based service than it is to build out an internal data center, Saugatuck found.

Saugatuck's research note was the result of annual outreach to open source vendors. A more thorough report on the open source industry will be released by the analyst firm in September.